Search criteria
66 vulnerabilities found for yandex_browser by yandex
FKIE_CVE-2023-26226
Vulnerability from fkie_nvd - Published: 2025-05-30 18:15 - Updated: 2025-12-05 00:01
Severity ?
Summary
A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682
References
| URL | Tags | ||
|---|---|---|---|
| browser-security@yandex-team.ru | https://yandex.com/bugbounty/i/hall-of-fame-browser/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yandex | yandex_browser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:-:*:*",
"matchCriteriaId": "BCDFD14D-3DC7-447C-B6E3-2755CA50FD7D",
"versionEndExcluding": "24.4.0.682",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682"
},
{
"lang": "es",
"value": "Existe un problema de corrupci\u00f3n de memoria use after free en Yandex Browser para Desktop anterior a la versi\u00f3n 24.4.0.682"
}
],
"id": "CVE-2023-26226",
"lastModified": "2025-12-05T00:01:19.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "browser-security@yandex-team.ru",
"type": "Secondary"
}
]
},
"published": "2025-05-30T18:15:32.283",
"references": [
{
"source": "browser-security@yandex-team.ru",
"tags": [
"Vendor Advisory"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"sourceIdentifier": "browser-security@yandex-team.ru",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "browser-security@yandex-team.ru",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-25255
Vulnerability from fkie_nvd - Published: 2025-05-21 07:16 - Updated: 2025-06-10 15:50
Severity ?
Summary
Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.
References
| URL | Tags | ||
|---|---|---|---|
| browser-security@yandex-team.ru | https://yandex.com/bugbounty/i/hall-of-fame-browser/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yandex | yandex_browser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yandex:yandex_browser:*:*:*:*:lite:android:*:*",
"matchCriteriaId": "95A0B10D-4D67-429C-8985-DD8713E555F0",
"versionEndExcluding": "21.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service."
},
{
"lang": "es",
"value": "Yandex Browser Lite para Android anterior a la versi\u00f3n 21.1.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2021-25255",
"lastModified": "2025-06-10T15:50:05.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "browser-security@yandex-team.ru",
"type": "Secondary"
}
]
},
"published": "2025-05-21T07:16:00.500",
"references": [
{
"source": "browser-security@yandex-team.ru",
"tags": [
"Vendor Advisory"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"sourceIdentifier": "browser-security@yandex-team.ru",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "browser-security@yandex-team.ru",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-25262
Vulnerability from fkie_nvd - Published: 2025-05-21 07:16 - Updated: 2025-06-10 15:49
Severity ?
Summary
Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.
References
| URL | Tags | ||
|---|---|---|---|
| browser-security@yandex-team.ru | https://yandex.com/bugbounty/i/hall-of-fame-browser/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yandex | yandex_browser | * | |
| android | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0135C6B0-3140-4C01-B6E6-BFE83F2FF008",
"versionEndExcluding": "21.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack."
},
{
"lang": "es",
"value": "Yandex Browser para Android anterior a la versi\u00f3n 21.3.0 permite a atacantes remotos realizar ataques de hom\u00f3grafos IDN."
}
],
"id": "CVE-2021-25262",
"lastModified": "2025-06-10T15:49:44.813",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "browser-security@yandex-team.ru",
"type": "Secondary"
}
]
},
"published": "2025-05-21T07:16:00.653",
"references": [
{
"source": "browser-security@yandex-team.ru",
"tags": [
"Vendor Advisory"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"sourceIdentifier": "browser-security@yandex-team.ru",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "browser-security@yandex-team.ru",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-25254
Vulnerability from fkie_nvd - Published: 2025-05-21 07:15 - Updated: 2025-06-10 15:51
Severity ?
Summary
Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.
References
| URL | Tags | ||
|---|---|---|---|
| browser-security@yandex-team.ru | https://yandex.com/bugbounty/i/hall-of-fame-browser/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yandex | yandex_browser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yandex:yandex_browser:*:*:*:*:lite:android:*:*",
"matchCriteriaId": "95A0B10D-4D67-429C-8985-DD8713E555F0",
"versionEndExcluding": "21.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar."
},
{
"lang": "es",
"value": "Yandex Browser Lite para Android anterior a 21.1.0 permite a atacantes remotos falsificar la barra de direcciones."
}
],
"id": "CVE-2021-25254",
"lastModified": "2025-06-10T15:51:27.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "browser-security@yandex-team.ru",
"type": "Secondary"
}
]
},
"published": "2025-05-21T07:15:59.357",
"references": [
{
"source": "browser-security@yandex-team.ru",
"tags": [
"Vendor Advisory"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"sourceIdentifier": "browser-security@yandex-team.ru",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "browser-security@yandex-team.ru",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-6473
Vulnerability from fkie_nvd - Published: 2024-09-03 11:15 - Updated: 2024-09-05 14:19
Severity ?
Summary
Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.
References
| URL | Tags | ||
|---|---|---|---|
| browser-security@yandex-team.ru | https://yandex.com/bugbounty/i/hall-of-fame-browser/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yandex | yandex_browser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F04F558A-7FDC-440D-BBCC-4011C9858C1E",
"versionEndExcluding": "24.7.1.380",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used."
},
{
"lang": "es",
"value": "El navegador Yandex para escritorio anterior a la versi\u00f3n 24.7.1.380 tiene una vulnerabilidad de secuestro de DLL porque se utiliza una ruta de b\u00fasqueda que no es confiable."
}
],
"id": "CVE-2024-6473",
"lastModified": "2024-09-05T14:19:45.153",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "browser-security@yandex-team.ru",
"type": "Secondary"
}
]
},
"published": "2024-09-03T11:15:15.800",
"references": [
{
"source": "browser-security@yandex-team.ru",
"tags": [
"Vendor Advisory"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"sourceIdentifier": "browser-security@yandex-team.ru",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "browser-security@yandex-team.ru",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-25261
Vulnerability from fkie_nvd - Published: 2022-06-15 20:15 - Updated: 2024-11-21 05:54
Severity ?
Summary
Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yandex | yandex_browser | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7BAE67-AF47-488D-8252-B712530F284B",
"versionEndExcluding": "22.5.0.862",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process."
},
{
"lang": "es",
"value": "Una vulnerabilidad de privilegios locales en Yandex Browser para Windows versiones anteriores a 22.5.0.862 permite a un atacante local, con pocos privilegios, ejecutar c\u00f3digo arbitrario con los privilegios del SISTEMA a trav\u00e9s de la manipulaci\u00f3n de enlaces simb\u00f3licos al archivo de instalaci\u00f3n durante el proceso de actualizaci\u00f3n de Yandex Browser"
}
],
"id": "CVE-2021-25261",
"lastModified": "2024-11-21T05:54:38.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-15T20:15:17.093",
"references": [
{
"source": "browser-security@yandex-team.ru",
"tags": [
"Vendor Advisory"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"sourceIdentifier": "browser-security@yandex-team.ru",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-28226
Vulnerability from fkie_nvd - Published: 2022-06-15 20:15 - Updated: 2024-11-21 06:56
Severity ?
Summary
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yandex | yandex_browser | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26A4CFA0-E00D-47DA-A0E6-4C5F7BC85449",
"versionEndExcluding": "22.3.3.801",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process."
},
{
"lang": "es",
"value": "Una vulnerabilidad de privilegio local en Yandex Browser para Windows versiones anteriores a 22.3.3.801, permite a un atacante local, con pocos privilegios, ejecutar c\u00f3digo arbitrario con los privilegios SYSTEM mediante la manipulaci\u00f3n de archivos temporales en el directorio con permisos no seguros durante el proceso de actualizaci\u00f3n de Yandex Browser"
}
],
"id": "CVE-2022-28226",
"lastModified": "2024-11-21T06:56:59.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-15T20:15:17.823",
"references": [
{
"source": "browser-security@yandex-team.ru",
"tags": [
"Vendor Advisory"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"sourceIdentifier": "browser-security@yandex-team.ru",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-28225
Vulnerability from fkie_nvd - Published: 2022-06-15 20:15 - Updated: 2024-11-21 06:56
Severity ?
Summary
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yandex | yandex_browser | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC2BB44-C052-426D-9E1F-50D3946962F9",
"versionEndExcluding": "22.3.3.684",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process."
},
{
"lang": "es",
"value": "Una vulnerabilidad de privilegio local en Yandex Browser para Windows versiones anteriores 22.3.3.684, permite a un atacante local, con pocos privilegios, ejecutar c\u00f3digo arbitrario con los privilegios SYSTEM a mediante la manipulaci\u00f3n de enlaces simb\u00f3licos al archivo de instalaci\u00f3n durante el proceso de actualizaci\u00f3n de Yandex Browser"
}
],
"id": "CVE-2022-28225",
"lastModified": "2024-11-21T06:56:59.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-15T20:15:17.783",
"references": [
{
"source": "browser-security@yandex-team.ru",
"tags": [
"Vendor Advisory"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"sourceIdentifier": "browser-security@yandex-team.ru",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-27970
Vulnerability from fkie_nvd - Published: 2021-09-13 12:15 - Updated: 2024-11-21 05:22
Severity ?
Summary
Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yandex | yandex_browser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6EFFCE-6931-4F35-A007-80506B64EE1A",
"versionEndExcluding": "20.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar"
},
{
"lang": "es",
"value": "Yandex Browser versiones anteriores a 20.10.0, permite a atacantes remotos falsificar la barra de direcciones"
}
],
"id": "CVE-2020-27970",
"lastModified": "2024-11-21T05:22:07.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-13T12:15:08.703",
"references": [
{
"source": "browser-security@yandex-team.ru",
"tags": [
"Vendor Advisory"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"sourceIdentifier": "browser-security@yandex-team.ru",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-27969
Vulnerability from fkie_nvd - Published: 2021-09-13 12:15 - Updated: 2024-11-21 05:22
Severity ?
Summary
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yandex | yandex_browser | * | |
| yandex | yandex_browser | 20.8.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:android:*:*",
"matchCriteriaId": "8749B748-DF80-4ACD-8164-ABD646DFCAD1",
"versionEndExcluding": "20.8.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yandex:yandex_browser:20.8.4:*:*:*:*:android:*:*",
"matchCriteriaId": "BC97D657-2A71-43BC-9861-1AC5BE294817",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing"
},
{
"lang": "es",
"value": "Yandex Browser para Android versi\u00f3n 20.8.4, permite a atacantes remotos llevar a cabo una omisi\u00f3n del SOP y una suplantaci\u00f3n de la barra de direcciones"
}
],
"id": "CVE-2020-27969",
"lastModified": "2024-11-21T05:22:07.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-13T12:15:07.260",
"references": [
{
"source": "browser-security@yandex-team.ru",
"tags": [
"Vendor Advisory"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"sourceIdentifier": "browser-security@yandex-team.ru",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-26226 (GCVE-0-2023-26226)
Vulnerability from cvelistv5 – Published: 2025-05-30 17:23 – Updated: 2025-05-30 17:48
VLAI?
Title
A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682
Summary
A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
Credits
khangkito
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26226",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T17:48:08.779287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T17:48:16.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Browser",
"vendor": "Yandex",
"versions": [
{
"lessThan": "24.4.0.682",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "khangkito"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682"
}
],
"value": "A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T17:23:54.571Z",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2023-26226",
"datePublished": "2025-05-30T17:23:54.571Z",
"dateReserved": "2023-02-20T22:19:35.320Z",
"dateUpdated": "2025-05-30T17:48:16.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25262 (GCVE-0-2021-25262)
Vulnerability from cvelistv5 – Published: 2025-05-21 07:07 – Updated: 2025-05-21 13:51
VLAI?
Title
Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.
Summary
Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.
Severity ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
Credits
Kirtikumar Anandrao Ramchandani
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25262",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T13:51:35.327719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T13:51:43.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Browser",
"vendor": "Yandex",
"versions": [
{
"status": "affected",
"version": "21.3.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kirtikumar Anandrao Ramchandani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack."
}
],
"value": "Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack."
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 Interface Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T07:07:29.310Z",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2021-25262",
"datePublished": "2025-05-21T07:07:29.310Z",
"dateReserved": "2021-01-15T16:29:27.870Z",
"dateUpdated": "2025-05-21T13:51:43.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25255 (GCVE-0-2021-25255)
Vulnerability from cvelistv5 – Published: 2025-05-21 07:04 – Updated: 2025-05-21 14:07
VLAI?
Title
Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.
Summary
Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yandex | Browser Lite |
Affected:
21.1.0
(custom)
|
Credits
Kirtikumar Anandrao Ramchandani
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T14:07:35.324725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T14:07:41.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Browser Lite",
"vendor": "Yandex",
"versions": [
{
"status": "affected",
"version": "21.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kirtikumar Anandrao Ramchandani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T07:04:02.436Z",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2021-25255",
"datePublished": "2025-05-21T07:04:02.436Z",
"dateReserved": "2021-01-15T16:29:27.867Z",
"dateUpdated": "2025-05-21T14:07:41.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25254 (GCVE-0-2021-25254)
Vulnerability from cvelistv5 – Published: 2025-05-21 06:58 – Updated: 2025-05-21 22:09
VLAI?
Title
Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.
Summary
Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.
Severity ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yandex | Browser Lite |
Affected:
21.1.0
(custom)
|
Credits
Kirtikumar Anandrao Ramchandani
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T22:09:21.003649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T22:09:29.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Browser Lite",
"vendor": "Yandex",
"versions": [
{
"status": "affected",
"version": "21.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kirtikumar Anandrao Ramchandani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar."
}
],
"value": "Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar."
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 Interface Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T06:58:00.753Z",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2021-25254",
"datePublished": "2025-05-21T06:58:00.753Z",
"dateReserved": "2021-01-15T16:29:27.867Z",
"dateUpdated": "2025-05-21T22:09:29.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6473 (GCVE-0-2024-6473)
Vulnerability from cvelistv5 – Published: 2024-09-03 10:35 – Updated: 2024-09-03 13:55
VLAI?
Title
DLL Hijacking in Yandex Browser
Summary
Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.
Severity ?
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
Credits
Doctor Web, Ltd.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yandex_browser",
"vendor": "yandex",
"versions": [
{
"lessThan": "24.7.1.380",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T13:50:44.729657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T13:55:15.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Browser",
"vendor": "Yandex",
"versions": [
{
"lessThan": "24.7.1.380",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Doctor Web, Ltd."
}
],
"datePublic": "2024-09-03T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T10:35:59.145Z",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DLL Hijacking in Yandex Browser",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2024-6473",
"datePublished": "2024-09-03T10:35:59.145Z",
"dateReserved": "2024-07-03T10:56:50.777Z",
"dateUpdated": "2024-09-03T13:55:15.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28225 (GCVE-0-2022-28225)
Vulnerability from cvelistv5 – Published: 2022-06-15 19:10 – Updated: 2024-08-03 05:48
VLAI?
Summary
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
Severity ?
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Yandex Browser (Desktop) |
Affected:
All versions prior to version 22.3.3.684
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:48:37.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yandex Browser (Desktop)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 22.3.3.684"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T19:10:32",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2022-28225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yandex Browser (Desktop)",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 22.3.3.684"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://yandex.com/bugbounty/i/hall-of-fame-browser/",
"refsource": "MISC",
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2022-28225",
"datePublished": "2022-06-15T19:10:32",
"dateReserved": "2022-03-30T00:00:00",
"dateUpdated": "2024-08-03T05:48:37.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28226 (GCVE-0-2022-28226)
Vulnerability from cvelistv5 – Published: 2022-06-15 19:06 – Updated: 2024-08-03 05:48
VLAI?
Summary
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.
Severity ?
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Yandex Browser (Desktop) |
Affected:
All versions prior to version 22.3.3.801
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:48:37.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yandex Browser (Desktop)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 22.3.3.801"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T19:06:17",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2022-28226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yandex Browser (Desktop)",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 22.3.3.801"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://yandex.com/bugbounty/i/hall-of-fame-browser/",
"refsource": "MISC",
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2022-28226",
"datePublished": "2022-06-15T19:06:17",
"dateReserved": "2022-03-30T00:00:00",
"dateUpdated": "2024-08-03T05:48:37.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25261 (GCVE-0-2021-25261)
Vulnerability from cvelistv5 – Published: 2022-06-15 19:05 – Updated: 2024-08-03 19:56
VLAI?
Summary
Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
Severity ?
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Yandex Browser (Desktop) |
Affected:
All versions prior to version 22.5.0.862
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yandex Browser (Desktop)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 22.5.0.862"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T19:05:54",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2021-25261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yandex Browser (Desktop)",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 22.5.0.862"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://yandex.com/bugbounty/i/hall-of-fame-browser/",
"refsource": "MISC",
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2021-25261",
"datePublished": "2022-06-15T19:05:54",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27970 (GCVE-0-2020-27970)
Vulnerability from cvelistv5 – Published: 2021-09-13 11:46 – Updated: 2024-08-04 16:25
VLAI?
Summary
Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar
Severity ?
No CVSS data available.
CWE
- User Interface (UI) Misrepresentation of Critical Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Yandex Browser Lite for Android |
Affected:
All versions prior to version 20.10.0.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:44.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yandex Browser Lite for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 20.10.0."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:46:00",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2020-27970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yandex Browser Lite for Android",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 20.10.0."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://yandex.com/bugbounty/i/hall-of-fame-browser/",
"refsource": "MISC",
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2020-27970",
"datePublished": "2021-09-13T11:46:00",
"dateReserved": "2020-10-28T00:00:00",
"dateUpdated": "2024-08-04T16:25:44.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27969 (GCVE-0-2020-27969)
Vulnerability from cvelistv5 – Published: 2021-09-13 11:44 – Updated: 2024-08-04 16:25
VLAI?
Summary
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing
Severity ?
No CVSS data available.
CWE
- User Interface (UI) Misrepresentation of Critical Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Yandex Browser for Android |
Affected:
All versions prior to version 20.8.4.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:44.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yandex Browser for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 20.8.4."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:44:01",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2020-27969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yandex Browser for Android",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 20.8.4."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://yandex.com/bugbounty/i/hall-of-fame-browser/",
"refsource": "MISC",
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2020-27969",
"datePublished": "2021-09-13T11:44:01",
"dateReserved": "2020-10-28T00:00:00",
"dateUpdated": "2024-08-04T16:25:44.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26226 (GCVE-0-2023-26226)
Vulnerability from nvd – Published: 2025-05-30 17:23 – Updated: 2025-05-30 17:48
VLAI?
Title
A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682
Summary
A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
Credits
khangkito
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26226",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T17:48:08.779287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T17:48:16.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Browser",
"vendor": "Yandex",
"versions": [
{
"lessThan": "24.4.0.682",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "khangkito"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682"
}
],
"value": "A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T17:23:54.571Z",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2023-26226",
"datePublished": "2025-05-30T17:23:54.571Z",
"dateReserved": "2023-02-20T22:19:35.320Z",
"dateUpdated": "2025-05-30T17:48:16.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25262 (GCVE-0-2021-25262)
Vulnerability from nvd – Published: 2025-05-21 07:07 – Updated: 2025-05-21 13:51
VLAI?
Title
Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.
Summary
Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.
Severity ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
Credits
Kirtikumar Anandrao Ramchandani
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25262",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T13:51:35.327719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T13:51:43.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Browser",
"vendor": "Yandex",
"versions": [
{
"status": "affected",
"version": "21.3.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kirtikumar Anandrao Ramchandani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack."
}
],
"value": "Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack."
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 Interface Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T07:07:29.310Z",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2021-25262",
"datePublished": "2025-05-21T07:07:29.310Z",
"dateReserved": "2021-01-15T16:29:27.870Z",
"dateUpdated": "2025-05-21T13:51:43.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25255 (GCVE-0-2021-25255)
Vulnerability from nvd – Published: 2025-05-21 07:04 – Updated: 2025-05-21 14:07
VLAI?
Title
Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.
Summary
Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yandex | Browser Lite |
Affected:
21.1.0
(custom)
|
Credits
Kirtikumar Anandrao Ramchandani
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T14:07:35.324725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T14:07:41.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Browser Lite",
"vendor": "Yandex",
"versions": [
{
"status": "affected",
"version": "21.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kirtikumar Anandrao Ramchandani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T07:04:02.436Z",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2021-25255",
"datePublished": "2025-05-21T07:04:02.436Z",
"dateReserved": "2021-01-15T16:29:27.867Z",
"dateUpdated": "2025-05-21T14:07:41.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25254 (GCVE-0-2021-25254)
Vulnerability from nvd – Published: 2025-05-21 06:58 – Updated: 2025-05-21 22:09
VLAI?
Title
Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.
Summary
Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.
Severity ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yandex | Browser Lite |
Affected:
21.1.0
(custom)
|
Credits
Kirtikumar Anandrao Ramchandani
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T22:09:21.003649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T22:09:29.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Browser Lite",
"vendor": "Yandex",
"versions": [
{
"status": "affected",
"version": "21.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kirtikumar Anandrao Ramchandani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar."
}
],
"value": "Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar."
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 Interface Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T06:58:00.753Z",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2021-25254",
"datePublished": "2025-05-21T06:58:00.753Z",
"dateReserved": "2021-01-15T16:29:27.867Z",
"dateUpdated": "2025-05-21T22:09:29.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6473 (GCVE-0-2024-6473)
Vulnerability from nvd – Published: 2024-09-03 10:35 – Updated: 2024-09-03 13:55
VLAI?
Title
DLL Hijacking in Yandex Browser
Summary
Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.
Severity ?
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
Credits
Doctor Web, Ltd.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yandex_browser",
"vendor": "yandex",
"versions": [
{
"lessThan": "24.7.1.380",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T13:50:44.729657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T13:55:15.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Browser",
"vendor": "Yandex",
"versions": [
{
"lessThan": "24.7.1.380",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Doctor Web, Ltd."
}
],
"datePublic": "2024-09-03T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T10:35:59.145Z",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DLL Hijacking in Yandex Browser",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2024-6473",
"datePublished": "2024-09-03T10:35:59.145Z",
"dateReserved": "2024-07-03T10:56:50.777Z",
"dateUpdated": "2024-09-03T13:55:15.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28225 (GCVE-0-2022-28225)
Vulnerability from nvd – Published: 2022-06-15 19:10 – Updated: 2024-08-03 05:48
VLAI?
Summary
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
Severity ?
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Yandex Browser (Desktop) |
Affected:
All versions prior to version 22.3.3.684
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:48:37.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yandex Browser (Desktop)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 22.3.3.684"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T19:10:32",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2022-28225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yandex Browser (Desktop)",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 22.3.3.684"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://yandex.com/bugbounty/i/hall-of-fame-browser/",
"refsource": "MISC",
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2022-28225",
"datePublished": "2022-06-15T19:10:32",
"dateReserved": "2022-03-30T00:00:00",
"dateUpdated": "2024-08-03T05:48:37.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28226 (GCVE-0-2022-28226)
Vulnerability from nvd – Published: 2022-06-15 19:06 – Updated: 2024-08-03 05:48
VLAI?
Summary
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.
Severity ?
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Yandex Browser (Desktop) |
Affected:
All versions prior to version 22.3.3.801
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:48:37.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yandex Browser (Desktop)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 22.3.3.801"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T19:06:17",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2022-28226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yandex Browser (Desktop)",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 22.3.3.801"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://yandex.com/bugbounty/i/hall-of-fame-browser/",
"refsource": "MISC",
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2022-28226",
"datePublished": "2022-06-15T19:06:17",
"dateReserved": "2022-03-30T00:00:00",
"dateUpdated": "2024-08-03T05:48:37.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25261 (GCVE-0-2021-25261)
Vulnerability from nvd – Published: 2022-06-15 19:05 – Updated: 2024-08-03 19:56
VLAI?
Summary
Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
Severity ?
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Yandex Browser (Desktop) |
Affected:
All versions prior to version 22.5.0.862
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yandex Browser (Desktop)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 22.5.0.862"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T19:05:54",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2021-25261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yandex Browser (Desktop)",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 22.5.0.862"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://yandex.com/bugbounty/i/hall-of-fame-browser/",
"refsource": "MISC",
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2021-25261",
"datePublished": "2022-06-15T19:05:54",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27970 (GCVE-0-2020-27970)
Vulnerability from nvd – Published: 2021-09-13 11:46 – Updated: 2024-08-04 16:25
VLAI?
Summary
Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar
Severity ?
No CVSS data available.
CWE
- User Interface (UI) Misrepresentation of Critical Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Yandex Browser Lite for Android |
Affected:
All versions prior to version 20.10.0.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:44.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yandex Browser Lite for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 20.10.0."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:46:00",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2020-27970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yandex Browser Lite for Android",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 20.10.0."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://yandex.com/bugbounty/i/hall-of-fame-browser/",
"refsource": "MISC",
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2020-27970",
"datePublished": "2021-09-13T11:46:00",
"dateReserved": "2020-10-28T00:00:00",
"dateUpdated": "2024-08-04T16:25:44.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27969 (GCVE-0-2020-27969)
Vulnerability from nvd – Published: 2021-09-13 11:44 – Updated: 2024-08-04 16:25
VLAI?
Summary
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing
Severity ?
No CVSS data available.
CWE
- User Interface (UI) Misrepresentation of Critical Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Yandex Browser for Android |
Affected:
All versions prior to version 20.8.4.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:44.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yandex Browser for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 20.8.4."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:44:01",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2020-27969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yandex Browser for Android",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 20.8.4."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://yandex.com/bugbounty/i/hall-of-fame-browser/",
"refsource": "MISC",
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2020-27969",
"datePublished": "2021-09-13T11:44:01",
"dateReserved": "2020-10-28T00:00:00",
"dateUpdated": "2024-08-04T16:25:44.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}